Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CRAVEX: Vulnerability exploitability: Reachability integration #103

Open
pombredanne opened this issue May 8, 2024 · 2 comments
Open

CRAVEX: Vulnerability exploitability: Reachability integration #103

pombredanne opened this issue May 8, 2024 · 2 comments
Assignees
@DennisClark
Labels
design needed Design details needed to complete the issue vulnerabilities Vulnerability Management

Comments

@pombredanne
Copy link
Member

pombredanne commented May 8, 2024
edited by mjherzog
Loading

Create models and design API to integrate external tool's reachability analysis results inform vulnerability ranking
@DennisClark
Copy link
Member

A reachable vulnerability has a path from your code to the root cause of a vulnerability.

Gauge risk by identifying whether a function related to the vulnerability is being called by your application, raising the chances of that vulnerability being exploitable in the context of your application.

@DennisClark DennisClark added the vulnerabilities Vulnerability Management label Jun 19, 2024
@DennisClark DennisClark self-assigned this Jun 24, 2024
@DennisClark DennisClark added the design needed Design details needed to complete the issue label Jun 24, 2024
@DennisClark
Copy link
Member

A "reachability ranking" appears to be relevant to product or other first-party code ("your code") and applies to that usage context.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@DennisClark DennisClark

Labels
design needed Design details needed to complete the issue vulnerabilities Vulnerability Management
Projects
CRAVEX
Status: Todo
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pombredanne @DennisClark